Posts

Fake Election-related Document found spreading Malware

As the world watches for the outcome of the U.S. election and election night turns into election days, cybercriminals are riding the wave with social engineering tactics. The SonicWall Capture Labs Research team has analyzed a malicious document, befittingly named “ElectionInterference”, which downloads additional malicious software when opened.

Infection Cycle:

The file is a Microsoft Excel spreadsheet, most likely delivered as a spam email attachment, using a filename of the following form:

ElectionInterference_[0-9]{10}.xls

Once opened, the victim is instructed to enable editing and enable content.

When content is enabled, the auto_open macro runs in the background. It is hidden within one of the sheets, as seen in the screenshots below:

The macro then creates a directory, downloads a file from a remote server and saves it as fiskat.exe in the newly created folder:

  • C:/Temp/temp2/fiskat.exe

This Trojan is then executed and performs malicious activities such as gathering data from the victim’s machine. During analysis, we observed that it created a .dat file containing encrypted data.

It comes as no surprise that cybercriminals take advantage of a crisis: a growing amount of malware has been observed using the pandemic, current events such as the BLM protests and now the U.S. presidential election as lures.
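The chain described above (an Office application writes an executable under C:/Temp and then launches it) is easy to express as endpoint detection logic. The following Python is an added example, not SonicWall's tooling: it runs a stateful rule over Sysmon-style events (EventID 11 FileCreate, EventID 1 ProcessCreate, with the Image, ParentImage and TargetFilename fields Sysmon uses) and raises a high-severity alert when an Office process launches an executable that an Office process wrote earlier. The events are constructed for the example; the Office16 install path and the extra Office binaries in OFFICE_IMAGES are assumptions, and only the fiskat.exe path comes from this write-up.

```python
import json

# Office applications whose child processes and file writes we watch
# (Excel is the one in this write-up; Word and PowerPoint are an assumption).
OFFICE_IMAGES = {"excel.exe", "winword.exe", "powerpnt.exe"}

# Constructed Sysmon-style events as JSON lines (not real telemetry).
SAMPLE_EVENTS = r"""
{"EventID": 1, "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE", "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "\"EXCEL.EXE\" ElectionInterference_1604444400.xls"}
{"EventID": 11, "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE", "TargetFilename": "C:\\Temp\\temp2\\fiskat.exe"}
{"EventID": 1, "Image": "C:\\Temp\\temp2\\fiskat.exe", "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE", "CommandLine": "C:\\Temp\\temp2\\fiskat.exe"}
{"EventID": 11, "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE", "TargetFilename": "C:\\Users\\victim\\Documents\\budget.xlsx"}
{"EventID": 1, "Image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "chrome.exe"}
"""


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def detect(events: list) -> list:
    """Stateful pass over the events: remember executables written by an
    Office process and alert when an Office process later launches one."""
    dropped = set()   # lower-cased paths of .exe files written by Office apps
    alerts = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == 11:   # FileCreate
            target = ev.get("TargetFilename", "")
            if basename(ev.get("Image", "")) in OFFICE_IMAGES and target.lower().endswith(".exe"):
                dropped.add(target.lower())
                alerts.append({"rule": "office_app_wrote_executable", "severity": "medium",
                               "image": ev["Image"], "file": target})
        elif eid == 1 and basename(ev.get("ParentImage", "")) in OFFICE_IMAGES:   # ProcessCreate
            image = ev.get("Image", "")
            if image.lower() in dropped:
                alerts.append({"rule": "office_app_ran_executable_it_wrote", "severity": "high",
                               "image": image, "parent": ev["ParentImage"]})
            else:
                # Any process spawned by an Office application is worth a record.
                alerts.append({"rule": "office_app_spawned_process", "severity": "low",
                               "image": image, "parent": ev["ParentImage"]})
    return alerts


def load_events(jsonl: str) -> list:
    """Parse JSON-lines telemetry into a list of event dicts."""
    return [json.loads(line) for line in jsonl.splitlines() if line.strip()]


if __name__ == "__main__":
    for alert in detect(load_events(SAMPLE_EVENTS)):
        print(alert["severity"], alert["rule"], alert.get("file") or alert["image"])
```

Because the correlation is stateful, the same events in a different order produce different alerts: if the process-create arrives before the file-create, the launch is only recorded as a low-severity "Office spawned a process" event, which is why such rules should run over a time window rather than a single event.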

SonicWall Capture Labs provides protection against this threat via the following signatures:

  • GAV: Malspam.VBA (Trojan)
  • GAV: Qbot.A (Trojan)

This threat is also detected by SonicWALL Capture ATP w/RTDMI and the Capture Client endpoint solutions.

CVE-2020-25213: WordPress plugin wp-file-manager actively being exploited in the wild

WordPress is a free and open-source content management system written in PHP. WordPress is used by more than 60 million websites. 38% of the web is built on WordPress. Its plugin architecture allows users to extend the features and functionality to tailor the websites to their specific needs.

Vulnerability | CVE-2020-25213:

An improper access control vulnerability has been reported in the File Manager plugin for WordPress. The vulnerability is due to improper access control of the connector.minimal.php file while uploading files. An unauthenticated remote attacker can exploit this vulnerability by uploading a file to the target system. A successful attack could result in code execution in the security context of the target WordPress server.

The vulnerable program is connector.minimal.php in wp-content/plugins/wp-file-manager/lib/php/. The vulnerability exists because connector.minimal.php can be accessed by an unauthenticated attacker. connector.minimal.php loads elFinderConnector.class.php, which reads HTTP request parameters and executes File Manager features such as file upload. connector.minimal.php does not implement any authorization mechanism, such as checking the privileges of the user making the request. As a result, an unauthenticated attacker can upload arbitrary files to the server, such as a malicious PHP file, potentially leading to the execution of arbitrary code.

Exploit:

In the above exploit request, the PHP file “test_php_info.php” can be replaced with any arbitrary file the attacker wants to upload to the server. Besides the “upload” command, the “mkfile” and “put” commands available in elFinder could be used to write a PHP file into the files directory and later achieve arbitrary remote code execution.
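Because the fix removes connector.minimal.php outright, any request that reaches it is worth reviewing. The following Python is an added example, not SonicWall's or the plugin's code: it parses combined-format web-server access logs, flags every request to the connector, marks the write-capable elFinder commands named above (upload, mkfile, put) and matches source addresses against the indicators of compromise listed further down in this write-up. The log lines are constructed for the example (documentation address ranges plus one IoC address); the connector path, the commands, the filename test_php_info.php and the IoC addresses come from the write-up.

```python
import re
from urllib.parse import urlparse, parse_qs

# Plugin-relative path of the unauthenticated connector (from the write-up).
CONNECTOR_SUFFIX = "wp-file-manager/lib/php/connector.minimal.php"
# elFinder commands named in the write-up that write files on the server.
WRITE_COMMANDS = {"upload", "mkfile", "put"}
# Source addresses from the indicators of compromise in this write-up.
IOC_IPS = {
    "13.85.84.182", "176.113.115.89", "193.27.229.26", "13.82.220.36",
    "20.185.0.202", "18.207.254.243", "51.11.136.167", "52.186.156.31",
    "34.226.244.53", "18.207.224.249", "37.59.35.206", "160.20.147.136",
    "161.35.90.11", "13.66.185.182", "104.248.238.198",
}

# Combined log format: client ip, identd, user, [timestamp], "request line", status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log lines (not real traffic; 203.0.113.x and 198.51.100.x
# are documentation ranges, 13.85.84.182 is taken from the IoC list).
SAMPLE_LOG = """\
203.0.113.7 - - [05/Nov/2020:10:01:12 +0000] "GET /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
13.85.84.182 - - [05/Nov/2020:10:02:45 +0000] "POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php?cmd=upload&target=l1_Lw HTTP/1.1" 200 312 "-" "python-requests/2.24.0"
198.51.100.9 - - [05/Nov/2020:10:03:01 +0000] "GET /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php?cmd=open&target=l1_Lw HTTP/1.1" 200 900 "-" "Mozilla/5.0"
198.51.100.9 - - [05/Nov/2020:10:03:05 +0000] "POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php?cmd=mkfile&name=test_php_info.php HTTP/1.1" 200 210 "-" "Mozilla/5.0"
203.0.113.7 - - [05/Nov/2020:10:04:00 +0000] "GET /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php?cmd=upload HTTP/1.1" 404 0 "-" "curl/7.68.0"
"""


def parse_line(line: str):
    """Return the fields of one combined-format log line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    return entry


def classify(entry: dict):
    """Return a finding for a request to the connector, or None."""
    url = urlparse(entry["target"])
    if not url.path.endswith(CONNECTOR_SUFFIX):
        return None
    cmd = parse_qs(url.query).get("cmd", [""])[0]
    finding = {
        "ip": entry["ip"], "ts": entry["ts"], "method": entry["method"],
        "status": entry["status"], "cmd": cmd,
        "write_command": cmd in WRITE_COMMANDS,
        "ioc_match": entry["ip"] in IOC_IPS,
        # The patch removes connector.minimal.php, so a 404 means the probe hit
        # a fixed site; a 200 means the file is still reachable and the site
        # still needs the update or the manual removal.
        "connector_reachable": entry["status"] != 404,
    }
    serious = finding["ioc_match"] or (finding["write_command"] and finding["connector_reachable"])
    finding["severity"] = "high" if serious else "medium"
    return finding


def scan(log_text: str) -> list:
    """Scan a whole log and return the findings in order of appearance."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        finding = classify(entry)
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['severity']:6} {f['ip']:16} {f['method']:4} cmd={f['cmd'] or '-':8} "
              f"status={f['status']} ioc={f['ioc_match']}")
```

In real traffic the elFinder command is often carried in the POST body rather than the query string, so the path match is the primary signal and the cmd field is a bonus when the client happens to put it in the URL; a 200 on this path from any source is the finding that matters most.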

Trend Chart:

Patch:
The below products are affected by this vulnerability.
• File Manager Pro File Manager Plugin for WordPress 6.0 to 6.8
• File Manager Pro File Manager Pro Plugin for WordPress 7.6 to 7.8

The File Manager plugin patched the issue by removing the “lib/php/connector.minimal.php” file from the plugin. Manually removing this file should also prevent attackers from exploiting this vulnerability.

Refer to the vendor advisory here.

SonicWall Capture Labs Threat Research team provides protection against this exploit with the following signatures:

IPS: 15205 WordPress wp-file-manager Plugin Remote Code Execution

Indicators of compromise:
13.85.84.182
176.113.115.89
193.27.229.26
13.82.220.36
20.185.0.202
18.207.254.243
51.11.136.167
52.186.156.31
34.226.244.53
18.207.224.249
37.59.35.206
160.20.147.136
161.35.90.11
13.66.185.182
104.248.238.198

Cybersecurity News & Trends – 10-30-20

This week, Ryuk is on the rise, medical records are on display, and Maze is on its way out.


SonicWall in the News

Amid Pandemic, Hospitals Warned of ‘Credible’ and ‘Imminent’ Cyberthreat — ABC News

  • SonicWall’s Q3 threat data detailing the increase of Ryuk ransomware is cited in this article, which centers around FBI’s warning of potential attacks against healthcare providers.

Review: The SonicWall SWS12-10FPOE Switch Simplifies Security — BizTech

  • This article reviews the SWS12-10FPOE Switch and mentions the benefit the product will have on small businesses and branch offices.

FBI Warns of Imminent Wave of Ransomware Attacks Hitting Hospitals — CNET

  • SonicWall’s Q3 Threat Data on the surge of ransomware is included in CNET’s article covering potential attacks on the healthcare industry.

Ryuk Wakes From Hibernation; FBI, DHS Warn of Healthcare Attacks —  Cybersecurity Dive

  • Samantha Schwartz included SonicWall’s Q3 Threat data and a quote from CEO Bill Conner in an article on possible upcoming attacks on the healthcare industry.

Venomous Bear and Charming Kitten Are Mentioned In Dispatches. Ryuk Targets Hospitals. Maze Shutdown? — CyberWire

  • CyberWire included a link to SonicWall’s Q3 Threat data press release in the “Cyber Trends” section of its daily newsletter.

Malware Levels Drop Attacks Become More Targeted — BetaNews

  • BetaNews’ article cites SonicWall’s Q3 Threat data, highlighting the drop in malware and the rise in ransomware and IoT malware attacks so far in 2020.

Ryuk Ransomware Responsible for One Third of All Ransomware Attacks in 2020 — Security Magazine

  • Security Magazine reports on SonicWall’s Q3 Threat Data, highlighting the surge in Ryuk ransomware that’s occurred in 2020.

Industry News

Maze ransomware is shutting down its cybercrime operation — Bleeping Computer

  • The Maze cybercrime gang is shutting down its operations after becoming one of the most prominent ransomware groups.

Trump Campaign Website Is Defaced by Hackers — The New York Times

  • The defacement lasted less than 30 minutes, and the hackers appeared to be looking to generate cryptocurrency.

Microsoft says Iranian hackers targeted conference attendees — The Washington Times

  • Iranian hackers reportedly posed as conference organizers in an attempt to break into the email accounts of “high-profile” people.

EXCLUSIVE: Medical Records of 3.5 Million U.S. Patients Can be Accessed and Manipulated by Anyone — Security Week

  • The results of 13 million medical examinations relating to around 3.5 million U.S. patients are unprotected and available to anyone on the internet, SecurityWeek has learned.

Spy agency ducks questions about ‘back doors’ in tech products — Reuters

  • The U.S. National Security Agency is rebuffing efforts by a leading congressional critic to determine whether it is continuing to place so-called back doors into commercial technology products, a controversial practice that critics say damages both U.S. industry and national security.

FBI: Hackers stole government source code via SonarQube instances — Bleeping Computer

  • The FBI issued a flash alert warning of hackers stealing data from U.S. government agencies and enterprise organizations via insecure and internet-exposed SonarQube instances.

Election Officials Warn of Widespread Suspicious Email Campaign — The Wall Street Journal

  • Local election officials in the U.S. have been receiving suspicious emails that appear to be part of a widespread and potentially malicious campaign targeting several states.

Bitcoin Approaches Highest Level Since Post-Bubble Crash in 2018 — Bloomberg

  • Bitcoin is approaching levels not seen in nearly three years.

US Treasury Sanctions Russian Institution Linked to Triton Malware — Dark Reading

  • Triton, also known as TRISIS and HatMan, was developed to target and manipulate industrial control systems, the US Treasury reports.

REvil ransomware gang claims over $100 million profit in a year — Bleeping Computer

  • REvil ransomware developers say that they made more than $100 million in one year of extorting large businesses.

Data breach at Finnish psychotherapy center takes a darker turn with extortion attempts — Cyberscoop

  • Patients of a prominent Finnish psychotherapy practice reportedly had their information posted on the dark web after being told they could protect their data by directly paying a ransom.

In Case You Missed It

A new variant of Clop Ransomware surfaces

The SonicWall Capture Labs threat research team observed reports of a new variant family of Clop ransomware (Detected as Clop.RSM) actively spreading in the wild.

The Clop ransomware encrypts the victim’s files with a strong encryption algorithm until the victim pays a fee to get them back.

Infection Cycle

The ransomware adds the following files to the system:

  • Malware.exe
  • %CurrentFolder%\HotGIrls (ZeroKb)
  • %CurrentFolder%\Clearnetworkdns_11-22-33.bat

To deceive emulators and avoid executing the real malicious code inside time-bound sandboxes, it calls APIs from Kernel32.dll with invalid parameters in a loop that is repeated 666000 times.

After the loop completes, it starts enumerating running processes.

The malware checks for the presence of the following processes belonging to security vendors:

  • SBAMSvc.exe (GFI AntiMalware antivirus product)
  • VipreAAPSvc.exe (Vipre antivirus product)
  • SBAMTray.exe (Vipre antivirus product)
  • SBPIMSvc.exe (Sunbelt AntiMalware antivirus product)
  • WRSA.exe (WebRoot antivirus product)

If it finds any of these processes, it delays execution by 10 seconds by calling the Sleep() API twice with 5 seconds as the parameter.

It creates a mutex named “^_-HappyLife^_-” and checks whether it was previously created by calling “WaitForSingleObject” and comparing the result with 0. A non-zero result means that another instance is already running, in which case it exits.

It then follows the normal execution path (the path taken when none of the above security vendor processes were present).

It drops a batch file in the folder from which the malware sample was executed and runs it using the ShellExecute API.

It then creates two threads: one uses MPR.DLL to enumerate network resources and encrypt files found on network drives, and the other enumerates running processes:

It searches directories and subdirectories using the FindFirstFile and FindNextFile APIs. A unique hash is calculated from the path of each file or folder name and compared with hardcoded hash values; if the hash matches, the folder or file is not encrypted:

In the second thread it enumerates the processes, converting each process name to upper case:

Using the same logic that was used to hash the file and folder names, a unique hash value is calculated for each process name.
The hash value is then compared with hardcoded hash values, and any process whose hash matches is terminated.

It encrypts each byte of the file with a randomly generated AES key. After encryption, it appends the marker “Clop^_” to the end of the file, followed by the AES key used to encrypt the file, itself encrypted with the master RSA key hardcoded in the malware.

The .Clop extension is appended to the encrypted files.

In each folder it drops ClopReadMe.txt containing the ransom note.
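The file layout described above (ciphertext, then the “Clop^_” marker, then the RSA-wrapped AES key) and the dropped artifacts named in the infection cycle give an incident responder enough to triage a file share. The following Python is an added example, not SonicWall's tooling: it recognises Clop-encrypted files by the marker and the .Clop extension, splits off the wrapped key that follows the marker (needed if a decryptor or the criminals' private key ever becomes available), and reports ClopReadMe.txt, HotGIrls and Clearnetworkdns_11-22-33.bat where they are found. The directory tree is constructed in memory; the 256-byte key blob is an assumption for the sample (the real length depends on the RSA key size, which the write-up does not state).

```python
import os
from pathlib import PureWindowsPath

CLOP_MARKER = b"Clop^_"            # appended after the ciphertext (from the write-up)
CLOP_EXT = ".Clop"                 # appended to encrypted file names
RANSOM_NOTE = "ClopReadMe.txt"     # dropped in every folder
DROPPED_ARTIFACTS = {"HotGIrls", "Clearnetworkdns_11-22-33.bat"}

# Constructed sample tree (path -> file bytes); not real victim data.
WRAPPED_KEY = bytes(range(256))    # stand-in for a 256-byte RSA-wrapped AES key (assumed size)
SAMPLE_TREE = {
    r"C:\Users\victim\Documents\report.docx.Clop": b"\x9f\x12\x44" * 40 + CLOP_MARKER + WRAPPED_KEY,
    r"C:\Users\victim\Documents\ClopReadMe.txt": b"<constructed note body>",
    r"C:\Users\victim\Documents\notes.txt": b"plain text, never encrypted",
    r"C:\Users\victim\Pictures\photo.jpg.Clop": b"\xff\xd8\xff\xe0" * 25 + CLOP_MARKER + WRAPPED_KEY,
    r"C:\Users\victim\Downloads\HotGIrls": b"",
    r"C:\Users\victim\Downloads\Clearnetworkdns_11-22-33.bat": b"@echo off",
}


def inspect_encrypted_file(data: bytes) -> dict:
    """Split an encrypted file into ciphertext and the wrapped AES key.
    The marker is appended at the end of the ciphertext, so its last
    occurrence is the boundary; everything after it is the per-file AES key
    encrypted with the malware's hardcoded master RSA key."""
    pos = data.rfind(CLOP_MARKER)
    if pos == -1:
        return {"clop_marker": False, "ciphertext_len": len(data), "wrapped_key_len": 0}
    key_blob = data[pos + len(CLOP_MARKER):]
    return {"clop_marker": True, "ciphertext_len": pos,
            "wrapped_key_len": len(key_blob), "wrapped_key": key_blob}


def sweep(tree: dict) -> dict:
    """Classify every path in `tree` (path -> bytes) into encrypted files,
    ransom notes, dropped artifacts and untouched files."""
    report = {"encrypted": [], "notes": [], "artifacts": [], "untouched": []}
    for path, data in tree.items():
        name = PureWindowsPath(path).name   # handles both \ and / separators
        if name == RANSOM_NOTE:
            report["notes"].append(path)
            continue
        if name in DROPPED_ARTIFACTS:
            report["artifacts"].append(path)
            continue
        info = inspect_encrypted_file(data)
        has_ext = name.endswith(CLOP_EXT)
        if has_ext or info["clop_marker"]:
            report["encrypted"].append({"path": path, "extension": has_ext, **info})
        else:
            report["untouched"].append(path)
    return report


def load_tree(root: str, tail: int = 4096) -> dict:
    """Build the same mapping from a real directory, reading only the last
    `tail` bytes of each file: enough to find the marker and the wrapped key.
    With a partial read, ciphertext_len refers to the tail only."""
    tree = {}
    for dirpath, _, files in os.walk(root):
        for f in files:
            p = os.path.join(dirpath, f)
            with open(p, "rb") as fh:
                fh.seek(max(0, os.path.getsize(p) - tail))
                tree[p] = fh.read()
    return tree


if __name__ == "__main__":
    result = sweep(SAMPLE_TREE)
    for entry in result["encrypted"]:
        print("encrypted:", entry["path"], "wrapped key bytes:", entry["wrapped_key_len"])
    print("notes:", result["notes"])
    print("artifacts:", result["artifacts"])
```

Reading only the tail of each file keeps a sweep over a large share fast, and a file that carries the .Clop extension but no marker (an interrupted encryption run) is still listed so it can be examined by hand.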

 

SonicWall Capture Labs provides protection against this threat via the following signature:

  • GAV: Clop.RSM (Trojan)

Cybersecurity News & Trends – 10-23-20

While election security is still making headlines, education news moved to the forefront this week as K-12 institutions continue fighting off a barrage of cyberattacks.


SonicWall in the News

Hackney Council Cyberattack: Why Are Hackers Targeting The Public Sector? — IT Supply Chain

  • Terry Greer-King, VP of EMEA at SonicWall, offers some perspective on the Hackney Council cyberattack — and a warning to other public bodies.

National Cybersecurity Awareness Month – Empower Organizations in Cybersecurity Protocols — Business 2 Community

  • Companies should be doing more to defend against cyberattacks, and during Cybersecurity Awareness Month, cybersecurity professionals are committed to telling you how.

Ripple20 Isn’t An Anomaly – IoT Security is a Mess (Still) — Infosecurity Magazine

  • A new SonicWall report found a 50% increase in IoT malware attacks in the first half of 2020 alone — a number that’s sure to rise further as the number of IoT devices coming online continues to rise.

Industry News

UK’s GCHQ spy chief: We must engage business to harness cyber talent for future — Reuters

  • The head of Britain’s GCHQ agency said on Wednesday it was seeking to engage more with business to harness top cyber talent.

Botnet Fights Back After Microsoft’s Election Security Takedown — Bloomberg

  • After Microsoft led a global attack against a highly prolific malware group, the company says it’s winning the battle to destabilize the malicious botnet ahead of the U.S. presidential election.

LockBit ransomware moves quietly on the network, strikes fast — Bleeping Computer

  • LockBit ransomware takes as little as five minutes to deploy the encryption routine on target systems once it lands on the victim network.

Mysterious ‘Robin Hood’ hackers donating stolen money — BBC

  • Darkside hackers claim to have extorted millions of dollars from companies, but say they now want to “make the world a better place.” In a post on the Dark Web, the gang posted receipts for $10,000 in Bitcoin donations to two charities.

U.S. Accuses Google of Illegally Protecting Monopoly — The New York Times

  • A victory for the government could remake one of America’s most recognizable companies and the internet economy that it has helped define.

Hackers Smell Blood as Schools Grapple With Virtual Instruction — The Wall Street Journal

  • Many K-12 schools opting for virtual instruction distributed devices to students and teachers. Now, as this unique school year unfolds, hackers are circling.

TrickBot malware under siege from all sides, and it’s working — Bleeping Computer

  • The Trickbot malware operation is on the brink of going down completely following efforts from an alliance of cybersecurity and hosting providers targeting the botnet’s command-and-control servers.

Democrats introduce bill providing $400 million to protect schools from cyberattacks — The Hill

  • The Enhancing K-12 Cybersecurity Act would establish a $400 million “K-12 Cybersecurity Human Capacity” grant program to help protect educational institutions against attacks.

Hackers now abuse BaseCamp for free malware hosting — Bleeping Computer

  • Phishing campaigns have started using Basecamp as part of malicious phishing campaigns that distribute malware or steal login credentials.

Fancy Bear Imposters Are on a Hacking Extortion Spree — Wired

  • Companies worldwide are getting extortion notices from hackers, which claim to be Fancy Bear or the Lazarus Group, warning them to pay up or face powerful DDoS attacks.

Federal watchdog finds escalating cyberattacks on schools pose potential harm to students — The Hill

  • The Government Accountability Office (GAO), a federal watchdog agency, has concluded that an increasing number of cyberattacks on educational institutions are putting students increasingly at risk.

Thousands of infected IoT devices used in for-profit anonymity service — Ars Technica

  • Some 9,000 devices — mostly Android, but also Linux and Darwin OS— have been corralled into the Interplanetary Storm, a botnet whose chief purpose is creating a for-profit proxy service.

Trump signs legislation making hacking voting systems a federal crime — The Hill

  • Trump has signed the Defending the Integrity of Voting Systems Act unanimously approved by the House last month, over a year after the Senate also unanimously passed the legislation.

In Case You Missed It

Attackers actively targeting vulnerable AVTECH devices

The SonicWall Capture Labs threat research team observed attacks exploiting old vulnerabilities in AVTECH devices. AVTECH’s primary products are DVR and mobile surveillance systems. Its products target the IP camera market and are commonly used in intelligence surveillance systems.
Attackers are targeting the following two vulnerabilities in AVTECH’s products:

1. Unauthenticated command injection in DVR devices

The cgi_query action in Search.cgi performs HTML requests with the wget system command, which uses the received parameters without sanitization or verification. By exploiting this issue, an attacker can execute any system command with root privileges without authentication.

Following is a list of the exploits spotted in the wild:

2. Authenticated command injection in CloudSetup.cgi

Devices that support the AVTECH cloud contain CloudSetup.cgi, which can be accessed after authentication. The exefile parameter of a CloudSetup.cgi request specifies the system command to be executed. Since there is no verification or whitelist-based checking of the exefile parameter, an attacker can execute arbitrary system commands with root privileges.

Following is a list of the exploits spotted in the wild for this vulnerability:

Decoding the URLs and taking a closer look at them:

Both exploits connect to a malicious domain and download a shell script. The exploit changes the file permissions and executes the shell script, which in turn connects to the attacker-controlled server to download more malicious files.
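Both AVTECH flaws above come down to the same defect: a request parameter that reaches a system command without validation. The following Python is an added example, not AVTECH's firmware code, that puts each weak pattern next to its hardened form: a URL concatenated into a wget command line (the Search.cgi case) versus a validated URL passed as a single argv element with no shell; and an exefile parameter taken as-is (the CloudSetup.cgi case) versus a fixed allowlist. The allowlist contents, the /tmp/result path and the helper names are assumptions for illustration; nothing is executed, the functions only return the command that would run.

```python
from urllib.parse import urlparse

# Hypothetical allowlist of programs a CloudSetup-style handler may launch
# (assumption for the example; the real handler's set is not on the page).
ALLOWED_EXEFILES = {"cloud_agent": "/usr/bin/cloud_agent",
                    "cloud_sync": "/usr/bin/cloud_sync"}
DOWNLOAD_TARGET = "/tmp/result"   # assumed output path for the download
SHELL_METACHARS = set(";|&$`<>()\n\r'\"\\ ")


def build_wget_command_unsafe(url: str) -> str:
    """Weak pattern (the Search.cgi defect): the untrusted parameter is pasted
    into a shell command line, so a value such as 'http://h/x; id' ends the
    wget command and starts a second one once the string reaches system()."""
    return "wget -O " + DOWNLOAD_TARGET + " " + url


def build_wget_argv_safe(url: str) -> list:
    """Hardened pattern: validate the URL, reject shell metacharacters, and
    pass it as one argv element so no shell is involved at all. The '--'
    stops wget from treating a crafted value as an option."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https") or not parsed.hostname:
        raise ValueError("rejected URL: expected http(s) scheme and a host")
    if any(ch in SHELL_METACHARS or ord(ch) < 0x20 for ch in url):
        raise ValueError("rejected URL: shell metacharacters present")
    return ["wget", "-O", DOWNLOAD_TARGET, "--", url]


def resolve_exefile_unsafe(exefile: str) -> str:
    """Weak pattern (the CloudSetup.cgi defect): whatever the client sends
    becomes the command."""
    return exefile


def resolve_exefile_safe(exefile: str) -> list:
    """Hardened pattern: the parameter selects an entry from a fixed allowlist;
    paths, metacharacters and unknown names are all rejected the same way."""
    try:
        return [ALLOWED_EXEFILES[exefile]]
    except KeyError:
        raise ValueError("rejected exefile: not in allowlist") from None


def is_rejected(fn, value) -> bool:
    """True when `fn(value)` refuses the input with ValueError."""
    try:
        fn(value)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    injected = "http://203.0.113.5/a.sh; id"      # constructed hostile input
    print(build_wget_command_unsafe(injected))    # the second command survives
    print(is_rejected(build_wget_argv_safe, injected))   # True
    print(build_wget_argv_safe("https://203.0.113.5/a.sh"))
    print(resolve_exefile_unsafe("cloud_agent; reboot"), "->",
          is_rejected(resolve_exefile_safe, "cloud_agent; reboot"))
```

The argv form alone already defeats shell injection; the metacharacter check on top of it is cheap defence in depth for the case where a later code path does hand the value to a shell.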

SonicWall Capture Labs provides protection against this threat via the following signatures:

  • IPS 14697:AVTECH Devices Command Injection
  • IPS 13035:AVTECH Devices Remote Command Execution
  • GAV:Mirai.H
  • GAV:Mirai.H_2
  • GAV:MiraiA.N
  • GAV:MiraiA.N_2

Threat Graph

IoCs:
185.172.110.205
185.172.110.241
185.172.111.196
185.172.111.202
45.95.168.98
dcdeae98d9ab0fa3005ec36b1f55bb5b
99d3ce410735ba5e7008198aae3a6e39
4dcfa2daeb85d89da784e5e1928062de
148a1941582372ce22eacf86b5c7f852

Nibiru ransomware actively spreading in the wild

The SonicWall Capture Labs Threat Research Team observed reports of a new variant family of NIBIRU ransomware [NIBIRU.RSM] actively spreading in the wild.

The NIBIRU ransomware encrypts the victim’s files with a strong encryption algorithm until the victim pays a fee to get them back.

Infection Cycle:

The ransomware adds the following files to the system:

  • Malware.exe
    • %App.path%\[Name].<NIBIRU>

Once the computer is compromised, the ransomware runs the following commands (actual source code):

When NIBIRU starts, it creates and assigns a unique ID number to the victim, then scans all local drives for data files to encrypt.

When encrypting files it uses the AES encryption algorithm and only encrypts files matching the following extensions:

The ransomware encrypts all the files and appends the [NIBIRU] extension onto each encrypted file’s filename.

After encrypting all personal documents, the ransomware displays the following picture, containing a message reporting that the computer has been encrypted and instructing the victim to contact its developer for unlock instructions.

SonicWall Capture Labs provides protection against this threat via the following signature:

  • GAV: NIBIRU.RSM (Trojan)

This threat is also detected by SonicWALL Capture ATP w/RTDMI and the Capture Client endpoint solutions.

Cybersecurity News & Trends – 10-16-20

This week, increasingly sophisticated ransomware is being deployed by ransomware groups increasingly functioning like businesses.


SonicWall in the News

Sonicwall Trusted By U.S. Federal Agencies, Driving Thought-Leadership With Live Webinar Event — SonicWall Press Release

  • Thursday, Oct. 15, 1 p.m. EDT, SonicWall will host a live webinar event, ‘Securing Federal Agencies in Unprecedented Times’, exploring the effects of COVID-19 on federal networks and employees, changes in the federal space in 2020, and SonicWall’s certified federal solutions.

How The Enterprise Can Shut Down Cyber Criminals and Protect A Remote A Staff  — TechRepublic

  • Hackers accidentally allowed into company software by security-noncompliant employees cost businesses millions annually. Experts to weigh in on best safety practices.

5 Campaign Cybersecurity Lessons Learned from Enterprise — SDxCentral

  • Campaigns can — and should — take a page from enterprise security best practices to harden their defenses and hunt for threats in their environments.

SonicWall Unveils Boundless 2020, Company’s Largest Ever Global Virtual Partner Event — CRN India

  • On the heels of a record-setting year that has included the introduction of the Boundless Cybersecurity platform and numerous new products, services and programs, SonicWall is hosting a three-day virtual partner event, Boundless 2020, from Nov 17-19.

The Best Firewalls For Small Business In 2020 —  Digital Trends

  • In a roundup of the top firewalls for small businesses, SonicWall’s firewalls are ranked first in the category of data-dependent small businesses. *Syndicated on Yahoo Finance

Cybersecurity Experts React on Hackney Council Cyber Attack — Information Security Buzz

  • Media outlets are reporting that Hackney Council in London has been the target of a serious cyberattack, which is affecting many of its services and IT systems.

Industry News

Study: Half of battleground states facing cybersecurity challenges ahead of election — The Hill

  • Around half of battleground states are facing cybersecurity challenges that put them at increased risk of a cybersecurity breach, a study found.

BazarLoader used to deploy Ryuk ransomware on high-value targets — Bleeping Computer

  • The TrickBot gang operators are increasingly targeting high-value targets with the new stealthy BazarLoader trojan before deploying the Ryuk ransomware.

Android Ransomware Has Picked Up Some Ominous New Tricks — Wired

  • Though ransomware has been around for years, it poses an ever-increasing threat to hospitals, municipal governments, and basically any institution that can’t tolerate downtime.

Apple pays $288,000 to white-hat hackers who had run of company’s network — Ars Technica

  • The company has so far processed about half of the vulnerabilities reported and committed to paying $288,500 for them. Once Apple processes the remainder, the total payout might surpass $500,000.

US Cyber Command: Patch Windows ‘Bad Neighbor’ TCP/IP bug now — Bleeping Computer

  • U.S. Cyber Command warns Microsoft customers to patch their systems immediately against the critical and remotely exploitable CVE-2020-16898 vulnerability addressed during this month’s Patch Tuesday.

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work — Krebs on Security

  • Judging from the proliferation of help-wanted ads for offensive pentesters in the cybercrime underground, today’s attackers have exactly zero trouble gaining that initial intrusion: The real challenge seems to be hiring enough people to help everyone profit from the access already gained.

Hackers Eye Their Next Targets, From Schools to Cars — The Wall Street Journal

  • Hackers will tell you that just about anything with software and an internet connection can get hacked. The next decade will test how much that is true, and the challenge it poses to everyday life.

Ransomware Attackers Buy Network Access in Cyberattack Shortcut — Threatpost

  • Network access to various industries is being offered in underground forums at as little as $300 a pop – and researchers warn that ransomware groups like Maze and NetWalker could be buying in.

Court orders seizure of ransomware botnet controls as U.S. election nears — Reuters

  • Microsoft said Monday it had used a court order to take control of computers that were installing ransomware and other malicious software on local government networks and threatening to disrupt the November election.

The Man Who Speaks Softly—and Commands a Big Cyber Army — Wired

  • Meet General Paul Nakasone. He reined in chaos at the NSA and taught the U.S. military how to launch pervasive cyberattacks. And he did it all without you noticing.

Canva design platform actively abused in credentials phishing — Bleeping Computer

  • Free graphics design website Canva is being abused by threat actors to create and host intricate phishing landing pages.

In Case You Missed It

A potent keylogger on Github

The SonicWall Threats Research team came across an interesting tweet mentioning a repository on GitHub. The repository is named Hakistan and boasts of hacking-related tools. One of these tools is a keylogger named Hakistan keylogger, which does not appear to have been created for malicious purposes.

Application details

Interestingly, the application name for this app is Google Service and it has a matching icon. This keylogger application is clearly trying to masquerade as a legitimate application, thereby violating Google Play policies.

Some of the services and receivers in this app require dangerous permissions such as:

  • BIND_NOTIFICATION_LISTENER_SERVICE
  • BIND_DEVICE_ADMIN
  • BIND_ACCESSIBILITY_SERVICE
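The three bind permissions listed above are what an analyst looks for first when triaging an APK's manifest, because they gate the notification-listener, device-admin and accessibility capabilities that a keylogger needs. The following Python is an added example, not SonicWall's tooling: it parses an AndroidManifest.xml, lists every service or receiver protected by one of those permissions, and flags an application label that presents itself as a Google service while the package name is not under com.google. The manifest is constructed for the example; its package name, class names and icon resource are invented, and only the "Google Service" label and the three permissions come from this write-up.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"


def a(attr: str) -> str:
    """Qualified name of an android: attribute for ElementTree lookups."""
    return "{%s}%s" % (ANDROID_NS, attr)


# Component-level permissions from the write-up and why each one matters.
SENSITIVE_BIND_PERMISSIONS = {
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE":
        "notification listener: sees every posted notification, including SMS and chat previews",
    "android.permission.BIND_DEVICE_ADMIN":
        "device administrator: cannot be uninstalled until deactivated",
    "android.permission.BIND_ACCESSIBILITY_SERVICE":
        "accessibility service: receives text-change events, the usual keylogging route",
}

# Constructed manifest (package, class names and icon are invented).
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="org.example.hakis">
  <application android:label="Google Service" android:icon="@drawable/ic_google">
    <service android:name=".KeyService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <service android:name=".NotifService"
        android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
    <receiver android:name=".AdminReceiver"
        android:permission="android.permission.BIND_DEVICE_ADMIN"/>
    <service android:name=".SyncService"/>
  </application>
</manifest>
"""


def triage_manifest(xml_text: str) -> dict:
    """Summarise the manifest: package, label, components guarded by a
    sensitive bind permission, and a label/package impersonation flag."""
    root = ET.fromstring(xml_text)
    package = root.get("package", "")
    app = root.find("application")
    label = app.get(a("label"), "") if app is not None else ""
    components = []
    for tag in ("service", "receiver"):
        for comp in root.iter(tag):
            perm = comp.get(a("permission"))
            if perm in SENSITIVE_BIND_PERMISSIONS:
                components.append({"type": tag, "name": comp.get(a("name")),
                                   "permission": perm,
                                   "why": SENSITIVE_BIND_PERMISSIONS[perm]})
    # A label that claims to be a Google service outside Google's package
    # namespace is the masquerading the write-up describes.
    impersonation = "google" in label.lower() and not package.startswith("com.google.")
    return {"package": package, "label": label,
            "sensitive_components": components, "label_impersonation": impersonation}


if __name__ == "__main__":
    summary = triage_manifest(SAMPLE_MANIFEST)
    print(summary["package"], "labelled as", repr(summary["label"]),
          "impersonation:", summary["label_impersonation"])
    for c in summary["sensitive_components"]:
        print(f"  {c['type']} {c['name']}: {c['why']}")
```

On a real sample the manifest is binary XML inside the APK and has to be decoded first (apktool or androguard do this); the triage logic is the same once you have the text form.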

Keylogging

Once execution begins, the application, as expected, asks the victim to grant several permissions and accesses:

Once the required permissions are granted, the keylogger keeps running in the background and monitors the victim’s keystrokes. The keystrokes are stored in a local file as shown:

Additional Features

This keylogger logs more than just keystrokes. Additional data it steals is shown below:

  • Captures SMS on the device
  • Monitors incoming SMS
  • Forwards SMS present on the device
  • Captures system information

Clients receive data about victims via email messages where the ‘from’ address is keylogger@hakistan.org:

In the current sample the ‘to’ address is base64 encoded, which decodes to dashdashpass7@gmail.com.

These findings are in line with what is advertised about this keylogger:

Research-related tools on GitHub are a dime a dozen, and those meant for research usually carry a disclaimer stating their purpose. In this case, the fact that the application installs itself as Google Services with a believable icon makes it look a bit suspicious.

SonicWall Capture Labs provides protection against this threat via the following signature:

  • GAV: AndroidOSHakis.KLG (Trojan)

Microsoft Security Bulletin Coverage for October 2020

The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of October 2020. A list of the issues reported, along with SonicWall coverage information, follows:

CVE-2020-16896 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
IPS 15203:Windows Remote Desktop Protocol Information Disclosure (CVE-2020-16896)

CVE-2020-16898 Windows TCP/IP Remote Code Execution Vulnerability
IPS 2416:Windows TCP/IP Remote Code Execution (CVE-2020-16898)

CVE-2020-16899 Windows TCP/IP Denial of Service Vulnerability
IPS 2427:Windows TCP/IP DoS (CVE-2020-16899)

CVE-2020-16907 Win32k Elevation of Privilege Vulnerability
ASPY 108:Malformed-File exe.MP.158

CVE-2020-16913 Win32k Elevation of Privilege Vulnerability
ASPY 5998:Malformed-File exe.MP.159

CVE-2020-16915 Media Foundation Memory Corruption Vulnerability
IPS 15202:Windows Media Foundation Memory Corruption Vulnerability (CVE-2020-16915)

CVE-2020-16922 Windows Spoofing Vulnerability
ASPY 5999:Malformed-File cat.MP.1

The following vulnerabilities do not have exploits in the wild:
CVE-2020-0764 Windows Storage Services Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1047 Windows Hyper-V Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1080 Windows Hyper-V Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1167 Microsoft Graphics Components Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1243 Windows Hyper-V Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-16863 Windows Remote Desktop Service Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-16876 Windows Application Compatibility Client Library Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-16877 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-16885 Windows Storage VSP Driver Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-16886 PowerShellGet Module WDAC Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2020-16887 Windows Network Connections Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-16889 Windows KernelStream Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-16890 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-16891 Windows Hyper-V Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-16892 Windows Image Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-16894 Windows NAT Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-16895 Windows Error Reporting Manager Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-16897 NetBT Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-16900 Windows Event System Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-16901 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-16902 Windows Installer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-16904 Azure Functions Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-16905 Windows Error Reporting Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-16908 Windows Setup Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-16909 Windows Error Reporting Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-16910 Windows Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2020-16911 GDI+ Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-16912 Windows Backup Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-16914 Windows GDI+ Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-16916 Windows COM Server Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-16918 Base3D Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-16919 Windows Enterprise App Management Service Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-16920 Windows Application Compatibility Client Library Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-16921 Windows Text Services Framework Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-16923 Microsoft Graphics Components Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-16924 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-16927 Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-16928 Microsoft Office Click-to-Run Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-16929 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-16930 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-16931 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-16932 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-16933 Microsoft Word Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2020-16934 Microsoft Office Click-to-Run Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-16935 Windows COM Server Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-16936 Windows Backup Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-16937 .NET Framework Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-16938 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-16939 Group Policy Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-16940 Windows – User Profile Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-16941 Microsoft SharePoint Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-16942 Microsoft SharePoint Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-16943 Dynamics 365 Commerce Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-16944 Microsoft SharePoint Reflective XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-16945 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-16946 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-16947 Microsoft Outlook Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-16948 Microsoft SharePoint Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-16949 Microsoft Outlook Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-16950 Microsoft SharePoint Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-16951 Microsoft SharePoint Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-16952 Microsoft SharePoint Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-16953 Microsoft SharePoint Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-16954 Microsoft Office Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-16955 Microsoft Office Click-to-Run Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-16956 Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2020-16957 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-16967 Windows Camera Codec Pack Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-16968 Windows Camera Codec Pack Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-16969 Microsoft Exchange Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-16972 Windows Backup Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-16973 Windows Backup Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-16974 Windows Backup Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-16975 Windows Backup Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-16976 Windows Backup Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-16977 Visual Studio Code Python Extension Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-16978 Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2020-16980 Windows iSCSI Target Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-16995 Network Watcher Agent Virtual Machine Extension for Linux Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-17003 Base3D Remote Code Execution Vulnerability
There are no known exploits in the wild.